Netgate Discussion Forum

    CANNOT PING VLAN INTERFACE IP FROM SAME VLAN

    • HHUBS

      PC A and PC B are on VLAN 15. They can ping each other but they can't ping their gateway, which is the VLAN 15 interface IP. This is connected to pfSense igc2. The VLAN 15 IP is 192.168.15.1.

      However, if I add an any any rule on this interface (to test), they can now ping 192.168.15.1.

      I'm thinking this is the default behaviour because of this note:

      "No rules are currently defined for this interface. All incoming connections on this interface will be blocked until pass rules are added. Click the button to add a new rule."

      Question is, is this the default behaviour? Or should I be able to ping it from the same VLAN even if no rules are added?

      I'm just confused because the gateway is literally on the same subnet.

      • Bob.Dig @HHUBS

        @HHUBS said in CANNOT PING VLAN INTERFACE IP FROM SAME VLAN:

        Or should I be able to ping it from the same VLAN even if no rules are added?

        No, it is the firewall and with that, it is able to, and will, block the connection without rules. Different would be to ping a host on a switch, which is in the same LAN. Then the connection is not hitting the firewall in the first place and the firewall can do nothing about it.

        • johnpoz (Global Moderator) @HHUBS

          @HHUBS out of the box the only interface with a default allow rule is LAN, which defaults to an any any rule, anti-lockout. If you create a new interface, be it VLAN or native, you would have to add the rules you want.

          Yes, by default no rules would hit the default deny and, yes, block ping or any other access.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • HHUBS @Bob.Dig

            @Bob-Dig said in CANNOT PING VLAN INTERFACE IP FROM SAME VLAN:

            @HHUBS said in CANNOT PING VLAN INTERFACE IP FROM SAME VLAN:

            Or should I be able to ping it from the same VLAN even if no rules are added?

            No, it is the firewall and with that, it is able to, and will, block the connection without rules. Different would be to ping a host on a switch, which is in the same LAN. Then the connection is not hitting the firewall in the first place and the firewall can do nothing about it.

            @johnpoz said in CANNOT PING VLAN INTERFACE IP FROM SAME VLAN:

            @HHUBS out of the box the only interface with a default allow rule is LAN, which defaults to an any any rule, anti-lockout. If you create a new interface, be it VLAN or native, you would have to add the rules you want.

            Yes, by default no rules would hit the default deny and, yes, block ping or any other access.

            Thank you so much for your help. 👍

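Added example, not part of the thread and not pfSense code: a small Python model of the behaviour the replies describe, where traffic to the VLAN 15 interface address is checked against that interface's rules and falls through to the default deny, while PC A to PC B stays on the switch. The host addresses .10 and .11, the rule sets and all function names are assumptions, and the filter is modelled simply as first-match with an implicit deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VLAN15_NET = ip_network("192.168.15.0/24")      # subnet implied by the thread
VLAN15_GW = ip_address("192.168.15.1")          # firewall's VLAN 15 address
PC_A, PC_B = "192.168.15.10", "192.168.15.11"   # constructed host addresses

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    proto: str    # "icmp", "tcp", ... or "any"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form

    def matches(self, proto, src, dst):
        return (self.proto in ("any", proto)
                and src in ip_network(self.src)
                and dst in ip_network(self.dst))

def verdict(rules, proto, src, dst):
    """Decide what happens to a packet sent by a host on VLAN 15."""
    src, dst = ip_address(src), ip_address(dst)
    # Same subnet and not the firewall's own address: the switch delivers
    # the frame directly, so the interface ruleset is never consulted.
    if dst in VLAN15_NET and dst != VLAN15_GW:
        return "switched (firewall not involved)"
    for rule in rules:                    # first matching rule wins
        if rule.matches(proto, src, dst):
            return rule.action
    return "block (default deny)"         # nothing matched

NO_RULES = []                                               # new interface
ANY_ANY = [Rule("pass", "any", "0.0.0.0/0", "0.0.0.0/0")]    # the test rule
ICMP_TO_GW_ONLY = [Rule("pass", "icmp", "192.168.15.0/24", "192.168.15.1/32")]

if __name__ == "__main__":
    for name, rules in [("no rules", NO_RULES), ("any any", ANY_ANY),
                        ("icmp to gateway only", ICMP_TO_GW_ONLY)]:
        print(f"{name}: ping gw={verdict(rules, 'icmp', PC_A, VLAN15_GW)}, "
              f"tcp gw={verdict(rules, 'tcp', PC_A, VLAN15_GW)}, "
              f"ping PC B={verdict(rules, 'icmp', PC_A, PC_B)}")
```

The third rule set shows a narrower alternative to the any any test rule: ping to the gateway passes while other traffic to the firewall's address still hits the default deny.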
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.